GHSA-v5mh-h5hx-7v92: kube-router: GoBGP gRPC Admin Port Exposed on Node Primary IP Without Authentication, Allowing Cluster-Wide BGP Route Injection

When the kube-router routing controller starts (--run-router), it binds the GoBGP gRPC management server to the node’s primary IP (e.g., 192.168.1.10:50051) in addition to 127.0.0.1:50051. The default admin port is 50051 and the server is enabled by default with no TLS and no authentication. Any pod in the cluster can reach node IPs and therefore call the GoBGP gRPC API to inject arbitrary BGP routes, enumerate peer configurations, add unauthorized BGP neighbors, or withdraw legitimate routes. While kube-router’s BGP export policy of ROUTE_ACTION_REJECT limits the attack surface to the local node’s GoBGP RIB, an attacker can still impact local routing decisions.